CVE-2020-20913: SQL Injection
First published: Tue Apr 04 2023(Updated: )
SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mingsoft MCMS | =4.7.2 | |
| =4.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SQL Injection vulnerability?
The vulnerability ID for this SQL Injection vulnerability is CVE-2020-20913.
What is the affected software for this vulnerability?
The affected software for this vulnerability is Ming-Soft MCMS v.4.7.2.
How can a remote attacker exploit this vulnerability?
A remote attacker can exploit this vulnerability by executing arbitrary code via the basic_title parameter.
What is the severity level of this vulnerability?
The severity level of this vulnerability is critical, with a severity value of 9.8.
Is there a fix available for this vulnerability?
It is recommended to update to a patched version of Ming-Soft MCMS to fix this vulnerability. Please refer to the vendor's website or support for more information.
- collector/nvd-index
- agent/type
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/event
- vendor/mingsoft
- canonical/mingsoft mcms
- version/mingsoft mcms/4.7.2